Daily Tech Digest - January 01, 2020

“As there have been more and more high-profile data breaches in recent years, this has translated to companies seeing the need for having people who can help them protect their data,” Stansell says. The field is projected to grow by 32% through 2028, according to the Bureau of Labor Statistics. (The average growth rate for all occupations is 5%.) However, the need for information security engineers has far eclipsed the number of people with the skills to do the job. The U.S. Department of Commerce recently estimated there are 350,000 unfilled cybersecurity jobs in the country. Cybersecurity Ventures, an analytics and research company, estimates 3.5 million jobs in cybersecurity around the world are likely to go unfilled by 2021. This talent shortage means workers in the field are paid handsomely. While Glassdoor data says information security engineers earn a median base salary of just over $100,000 per year, top-level jobs in the field, like chief information security officer, can yield pay above $300,000 in top metro areas, according to cybersecurity recruiting firm SilverBull.

Singapore tax on overseas digital services kicks in tomorrow

According to the Inland Revenue Authority of Singapore (IRAS), more than 100 providers of such services had enrolled under the city-state's Overseas Vendor Registration (OVR) regime, which meant they would begin charging GST on the sale of their digital services from tomorrow. The government agency defined digital services as services supplied online or an electronic network that required minimal or no human intervention and were "impossible without the use of information technology". Under the new regime, overseas digital service providers with a yearly global turnover of more than S$1 million and sold more than S$100,000 worth of digital services to customers in Singapore in a 12-month period were required to register for GST and charge GST. The new tax would not apply to online purchases of goods, IRAS said, noting that GST already was payable on goods--valued above S$400--imported into Singapore, via air or post. The government, however, had said it would continue to review the tax regime on such e-commerce transactions before determining how it should proceed.

big brother privacy eye data breach security binary valerybrozhinsky getty
A few things. One, merely having that extensive a range of PII in one place about one individual is dangerous. If a breach against Lookout does somehow happen — no security is perfect — it would be a bonanza for the cyberthief. From a security perspective, this company's marketing about this service could itself make identity and cyber thieves attracted to the site. They might spend extra resources and effort to break in, which is truly not what a customer wants. Two, it sends the wrong message. Privacy advocates rightly argue to never give anyone or any site more information than they absolutely need ("need to know" is appropriate here). And when the company is directly asking for such a gold mine of PII data (it was probably the passport data request that really sent me soaring), it makes people worried. What, people may wonder, if that page is a phishing page that was designed to merely look like a Lookout page? How is a user supposed to tell the difference? Three, in 2020 (OK, when we're this close to 2020), no company is an island. What if one of its employees turned to the dark side? What if the company you use for backup gets breached?

How a rules engine can drive -- or derail -- an IT automation strategy

In a perfect world, an IT team can set most types of rules quickly and, once in place, they mostly run on autopilot. But what happens with a distributed denial of service (DDoS) attack? Without limitations or additional conditions in place, a rules engine might spin up unlimited resources in the cloud to deal with a DDoS attack in the middle of the night when nobody is around to hit a kill switch -- which could lead to a massive bill from a cloud provider. Create additional conditions or rules to prevent an existing rule, or set of rules, from spinning out of control in an unplanned or unforeseen event. These additional rules can limit how many total resources are allocated in a given time frame, or where resources are available. Apply these additional rules to the original rules that are designed to create resources. This creates a collection of interacting rules that can limit or enable each other -- which, without careful management, can create a confusing spider web of rule sets that you can't untangle, much like a pile of cables hidden in a data center closet.

The report isn't only filled with good news for wearable manufacturers and their customers: There are a couple of roadblocks that could prevent the industry's growth. Data security and privacy issues are both mentioned as potential issues. There's reason to believe that these concerns are valid, too: Industrial IoT adoption, which arguably contains wearables, has made the manufacturing industry a ripe target for attack. As reported previously by TechRepublic, analysis of industrial networks found higher levels of malicious activity than was expected in 2018, indicating that attackers had already penetrated many networks and were conducting reconnaissance. The nature of IoT networks means that a lot of sensitive data is being passed between sensors and other connected devices, all of which could be harvested by an attacker. Adding wearables to the mix only gives attackers one more type of data to exploit. Along with data theft, privacy for those wearing the devices is at risk as well. If an attacker is able to harvest business data there's nothing stopping them from potentially stealing personal data about employees wearing connected devices either.

Parse Anything with Parsley: A Different Approach

Originally, I wrote the Slang parser using a hand built recursive descent parsing technique similar to that used by Microsoft's production C# compiler. However, maintenance is a bear, and even though the source is partitioned across several files it quickly becomes overwhelming. Unlike Microsoft, I don't have a team available to delegate building the different parts of the parser to. To that end, I needed a tool that would help build me a parser. I considered using ANTLR but I don't like its API or grammar format, and the grammar I found for C# generated an 800K+ source file for parsing C#6 - which wouldn't parse! No thanks. Moving on, I found a grammar for Coco/R as well, but it uses so much embedded state to resolve its parse that it's hard to follow, leading me to the same maintenance and comprehension issues as my hand written parser! For various reasons I'm sticking to LL parsing versus LR parsing so tools like Gppg are off the table, even if they could parse C#. If you don't know the difference between LL and LR parsing it doesn't matter here, but LL parses top down, using the grammar to direct the parse, while LR parses from bottom up, using the next input to direct the parse.

From crypto currency to chocolate – where to spend your Bitcoin

Italia Click is a international food distributor that embraces technologies such as Bitcoin and uses them to accept payments. In November it added crypto to its payment options and will accept payment in several different crypto currencies such as Bitcoin SV, Etherium, and Ripple. I can vouch for the deliciousness of the chocolate! Crete-based 35North sells extra virgin olive oil from where the 35th parallel north crosses the mountains of Crete. Although its Twitter account states that FIAT and crypto payments are accepted, the online shop only offers the choice to pay by card or PayPal. You will need to make a special request for your crypto to be accepted via the online store. Hot Hogs BBQ is a food truck in Keen, NH which gets enthusiastic reviews from customers and won WMUR Best Barbecue in NH 2019. It accepts Bitcoin, dash, BitcoinSV, and Bitcoin cash for your BBQ, but hold fire before hot footing it over to NH – Hot Hogs is now closed until the spring. The Lucky Hot Dog is a food truck in Chicago, IL serving dogs, burgers, beef and chicken. Payment by Bitcoin, card or cash.

Book Review: Enterprise API Management

Any API initiative should start by identifying the business drivers for such endeavor, such as what are the benefits targeted and why, how will these targets be measured once delivered, and what return can be expected on the investment (ROI) (naturally leading to the question, what is the investment required in the first place!). At this stage, it is less about the technicalities of APIs and more about the business itself. Therefore, it is empirical to elaborate an understanding of the business domain, its language, its key stakeholders, and how it operates. Doing so can help in identifying ways on how APIs can help, or in other words, the business drivers? Once such business drivers are identified, then it’s a matter of presenting them in a comprehensive way to the right stakeholders. At this point, communication and presentation skills matter a lot, and so does the language used. A lot can go wrong at this point. If the presentation is too technical, business professionals will struggle to understand the value of what’s been offered.

CGM technology could ultimately be rolled out to people with type 2 diabetes, and those in the pre-diabetic range – people whose blood sugar is higher than normal but not yet diabetic. The idea of getting people who aren't on insulin to use CGM is to show the impact of certain foods and behaviours on their glucose levels, and so help them to keep levels in the right range. "Until you really have direct feedback, it can be hard to really understand why that's important," Leach says. "I think there can be a whole lot more around that coaching or the advice or the analytics that you put around the data to help you get more people with either pre-diabetes, or even with just general health and wellness. I think there's a lot of opportunity and there's quite a few pilots we're entering into any different areas to learn more about what works for those users." For the traditional CGM user base – people who control their diabetes with insulin injections – the next few years are likely to bring another sea-change in technology with the advent of closed-loop or 'artificial pancreas' systems, single units that both monitor glucose and deliver insulin accordingly.

5G will change the world - but who will keep it safe?

A newly installed 5G antenna system made by Ericsson for the AT&T's 5G wireless network is shown high atop a building in downtown San Diego, California, U.S., April 23, 2019
Robust security will need to be designed into both devices and network equipment from the outset, with a continuous product security lifecycle in place to manage it, as well as a secure software development lifecycle. The networks of the future will be largely virtualized, software-based networks. This means they will be difficult to test as verifiably secure at any point in time. Governments and others such as large businesses who interact with a range of other suppliers and networks will need to consider how appropriate incentives are put in place throughout the supply chain to encourage effective consideration of security in the development and operation of new networks. To ensure interoperability around the globe and to truly realize the benefits of the Fourth Industrial Revolution, governments will also need to consider how they can promote more international approaches to securing and building trust in next-generation networks.

Quote for the day:

"Coaching is a profession of love. You can't coach people unless you love them." -- Eddie Robinson

No comments:

Post a Comment